I have two other related questions:
(1) I have a book that briefly mentions "PHP's Superglobal Variables" that are prefixed by $_SERVER that have environment data. On page 93 you assign 'user_id' and 'username' to similar variables and on page 96 an entire array to $_SESSION itself. Are these like HTML's session variables and can you rely on the data safely being there during a session?
(2) User accounts and logging in are kind of related. On page 5 you say "because you'll be storing information about customers, there are other laws involved . . . [and] the U.S. also has precise rules." I looked ahead and on page 266 it says "checkout.php behaves like register.php from Chapter 4." On page 169 there is a Customers table which must be present because the Orders table on the next page needs the customer_id. But it doesn't have a password column like the Users table has on page 52. That means that managing passswords is not possible as on pages 96-103. In fact, once the user has entered personal data, maybe he can't even go back and correct a mistake. Is that because the rules mentioned on page 5 limit what a user is permitted to do?